Forum

Reverse proxy - how to identify domain

Fred
23 August 2016, 17:18
Hi Hugo,

We use Hiawatha on all our servers and to serve all of them, we use a reverse proxy.
We currently have a lot of errors like this:
...
62.210.148.91|Tue 23 Aug 2016 11:33:49 +0100|No cypher overlap during TLS handshake.
62.210.148.91|Tue 23 Aug 2016 11:33:49 +0100|No cypher overlap during TLS handshake.
77.99.233.113|Tue 23 Aug 2016 11:33:54 +0100|No cypher overlap during TLS handshake.
77.99.233.113|Tue 23 Aug 2016 11:33:59 +0100|No cypher overlap during TLS handshake.
77.99.233.113|Tue 23 Aug 2016 11:35:16 +0100|No cypher overlap during TLS handshake.
...

We have rectified this issue by changing MinTLSversion to 1.0.
We have around 10 domains running ...
Question is: how do we know how many of the 500 IP addresses we found belong to which domain?

Hugo Leisink
24 August 2016, 00:38
If a client application can't do a normal TLS handshake, it's not a normal browser. Probably some bot. I also have those messages a lot in my log file. You can ignore them.

I don't understand your last question. 500 IP addresses found where?

Fred
24 August 2016, 10:29
Let me clarify...
I started noticing this message when a client told us that they could never make a connection to our website.
Once I got the client IP address, I did
more system.log | grep 82.132.247.xxx
and ended up with the message
No cypher overlap during TLS handshake.

Once I changed my hiawatha.conf setting from MinTLSversion 1.2 to MinTLSversion 1.0, the client managed to connect to our site.
That customer was using a very old Android phone with an old browser.
I then went to find out how many more distinct IPs I could find with the associated message and I found over 500 distinct IPs.

When I look at the system.log file on the Hiawatha reverse proxy server, how do I know if the message is for domain1.com or anotherdomain.com?

Hugo Leisink
25 August 2016, 21:18
There is no domain selection yet. There is only a SSL / TLS handshake. The actual HTTP request, which contains the hostname (domain), is not sent at that time. If the handshake fails, no HTTP request will be sent. No HTTP request, no domain name.
This topic has been closed.
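The counting step Fred describes (grep for the handshake message, then tally distinct client IPs), written out as a small log parser. This is an added example, not code from Hiawatha or from either poster. It assumes only the three-field `IP|timestamp|message` record shape visible in the quoted system.log lines; the sample log is constructed here with documentation-range addresses. Note what the parser does not return: the record has no hostname field, which matches the final answer above that a failed handshake leaves nothing on the HTTP layer to attribute to a domain.

```python
"""Tally Hiawatha "No cypher overlap" handshake failures per client IP.

Added example (not Hiawatha project code). Assumes the system.log record
layout seen in the forum post: client IP | timestamp | message.
"""
import ipaddress
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Exact message text as it appears in the quoted log excerpt.
HANDSHAKE_FAILURE = "No cypher overlap during TLS handshake."

# Constructed sample log (RFC 5737 documentation addresses, not real clients).
# One line carries an unrelated message to show it is filtered out.
SAMPLE_LOG = """\
203.0.113.10|Tue 23 Aug 2016 11:33:49 +0100|No cypher overlap during TLS handshake.
203.0.113.10|Tue 23 Aug 2016 11:33:49 +0100|No cypher overlap during TLS handshake.
198.51.100.7|Tue 23 Aug 2016 11:33:54 +0100|No cypher overlap during TLS handshake.
198.51.100.7|Tue 23 Aug 2016 11:33:59 +0100|No cypher overlap during TLS handshake.
192.0.2.44|Tue 23 Aug 2016 11:35:16 +0100|Some unrelated message
198.51.100.7|Tue 23 Aug 2016 11:35:16 +0100|No cypher overlap during TLS handshake.
"""


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one system.log record into (ip, timestamp, message).

    Returns None for lines that do not have three pipe-separated fields or
    whose first field is not a valid IP address. The message is kept whole
    even if it contains further '|' characters (maxsplit=2).
    """
    parts = line.rstrip("\n").split("|", 2)
    if len(parts) != 3:
        return None
    ip, timestamp, message = (p.strip() for p in parts)
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return None
    return ip, timestamp, message


def handshake_failures(lines: Iterable[str]) -> Dict[str, int]:
    """Count handshake-failure records per client IP, ignoring other messages."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, _timestamp, message = rec
        if message == HANDSHAKE_FAILURE:
            counts[ip] += 1
    return dict(counts)


def distinct_ips(lines: Iterable[str]) -> List[str]:
    """Distinct client IPs that failed the handshake, sorted numerically."""
    return sorted(handshake_failures(lines), key=ipaddress.ip_address)


if __name__ == "__main__":
    # Usage against the constructed sample; swap in open("system.log") for real data.
    sample_lines = SAMPLE_LOG.splitlines()
    for ip, n in sorted(handshake_failures(sample_lines).items()):
        print(f"{ip}\t{n} failed handshake(s)")
    print(f"{len(distinct_ips(sample_lines))} distinct client IP(s)")
```

Run it against the real file with `python3 tally.py < system.log` after replacing the sample with `sys.stdin`; the per-IP counts separate a single retrying client from many one-off probes, which is the distinction between a customer on an old browser and scanner noise.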